
SSRF Slack Notifier

This example immediately dumps any HTTP request it receives to a Slack webhook. This is very useful when testing for SSRF or blind XSS, as you will be notified as soon as any server makes a request to this URL.

The function listens for any incoming request. When one is received, it constructs a friendly Slack message that details the requesting IP address, a timestamp, and a complete dump of the incoming request. As in the req_dump example, I ignore headers that Cloudflare and Zeit add, but if you want those dumped they can be toggled with the environment variable ALL_HEADERS.

To customize the Slack message, modify the renderSlackMessage function in server.js.

The function requires the environment variable SLACK_WEBHOOK.
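
An added example, not the project's own server.js: one way a renderSlackMessage could build the message described above, dropping proxy-added headers unless ALL_HEADERS is set and escaping Slack's control characters, since every field of the incoming request is untrusted. The request object shape, the header prefixes, the body cap, and the helper names (escapeSlack, filterHeaders) are assumptions.

```javascript
// Added example: hypothetical renderSlackMessage, not the project's server.js.
// Assumption: proxy-added headers are recognised by these name prefixes.
const PROXY_HEADER_PREFIXES = ['cf-', 'cdn-loop', 'x-now-', 'x-zeit-'];
const FENCE = '`'.repeat(3); // Slack code-block delimiter

// Slack treats &, < and > as control characters in message text. Escape them,
// otherwise a logged request could inject links or <!channel> mentions.
function escapeSlack(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .split(FENCE).join("'''"); // keep the dump inside its code block
}

// Drop proxy headers unless the caller asked for all of them.
function filterHeaders(headers, allHeaders) {
  return Object.entries(headers).filter(([name]) =>
    allHeaders || !PROXY_HEADER_PREFIXES.some((p) => name.toLowerCase().startsWith(p)));
}

// req: { method, url, httpVersion, headers, body, ip } (assumed shape).
// Assumption: any non-empty ALL_HEADERS value enables the full dump.
function renderSlackMessage(req, now = new Date(), allHeaders = Boolean(process.env.ALL_HEADERS)) {
  const headerLines = filterHeaders(req.headers, allHeaders)
    .map(([name, value]) => `${name}: ${value}`);
  const dump = [
    `${req.method} ${req.url} HTTP/${req.httpVersion}`,
    ...headerLines,
    '',
    String(req.body || '').slice(0, 2000), // cap the body so the post stays small
  ].join('\n');
  return {
    text: `Request from *${escapeSlack(req.ip)}* at ${now.toISOString()}\n` +
      FENCE + escapeSlack(dump) + FENCE,
  };
}

// Constructed sample request, for illustration only.
const sampleRequest = {
  method: 'GET',
  url: '/probe?id=<!channel>',
  httpVersion: '1.1',
  ip: '203.0.113.7',
  headers: { host: 'listener.example', 'user-agent': 'curl/8.0', 'cf-ray': 'abc123', 'x-now-id': 'xyz' },
  body: '',
};
const sampleMessage = renderSlackMessage(sampleRequest, new Date(0), false);
```

The returned object is the JSON payload to POST to the URL in SLACK_WEBHOOK.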

Deployment

Since it is possible to view public now.sh deployment source code and environment variables, it is advisable to keep your Slack WEBHOOK_URL in a now.sh secret.